The National Security Agency has released a guidance document on implementing Zero Trust within networks. The document, “Cybersecurity Information Sheet: Embracing a Zero Trust Security Model” explains what Zero Trust is, why it is necessary, and how to get started.
What is Zero Trust?
Traditional networks with users located inside a perimeter were usually based on a “trust but verify” security model built on the implicit trust of everything within. If users had credentials to enter the perimeter, they would have visibility and access to everything assigned to their business roles. Zero Trust turns that model around and creates an environment of “never trust, always verify” build on explicit trust and restricted access. The National Institute of Standards and Technology (NIST) defines several tenets and assumptions that should form the first principles of any Zero Trust use case. The Microsoft guiding principles of Zero Trust are a good place to start as you embark on a path toward a Zero Trust:
- Verify explicitly on all available data points, including identity, location, device health, and more
- Use least privileged access to limit users to just-in-time and just-enough-access (JIT/JEA)
- Assume breach and minimize damage by segmenting access and verifying all sessions
In the words of IEEE Senior Member Jack Burbank, “Zero trust is not a single product, nor is it a single approach or technique. It is a mindset, a decision. It is an organization saying, ‘Network security is a priority' and then putting resources behind that statement.”Zero Trust is not a single product or technique. It's a mindset #ZeroTrustClick To Tweet
What is Zero Trust Architecture?
A Zero Trust Architecture (ZTA) is the technical and operational implementation of the Zero Trust principles. NIST defines it as follows:
“ZTA is an enterprise’s cybersecurity plan that utilizes zero trust concepts and encompasses component relationships, workflow planning, and access policies … the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a Zero Trust Architecture plan.”
The practical implication of a Zero Trust Architecture is that users will have the access they need, and security gaps will be avoided or corrected. Advanced threats are less of a risk in a ZTA network because Zero Trust Architecture requires ongoing session verification using real-time data points such as user identity, device health, workload and device identity, etc. ZTA also makes use of microsegmentation, which reduces the space an intruder can traverse through the network.
Now is the right time to get started with ZTA
The world has never been more dangerous in terms of cybercrime. Ransomware is surging, with damages estimated at over $1 billion worldwide. In August 2020, the FBI reported that BEC scams cost businesses more than $26 billion worldwide between 2016 and 2019. The average cost of a data breach in 2020 was $3.8 million. One cybercrime report predicts that damages will total $6 trillion worldwide by the end of this year.
Cyberattacks and malicious software are evolving, becoming more dangerous every day. Zero Trust Architecture protects your data, customers, employees, intellectual property, supply chain, and everything else associated with your network. Vasu Jakkal, Corporate VP for Security, Compliance, and Identity at Microsoft referred to Zero Trust initiatives as “the cornerstone of effective protection and the foundation for security.” In the modern era of cybercrime, Zero Trust Architecture isn’t just security. It’s business continuity.
Barracuda can help you on your way to Zero Trust
Barracuda CloudGen Access (CGA) is an innovative Zero Trust Network Access (ZTNA) solution that provides secure access to applications and workloads from any device and location. It’s a user-friendly solution that simplifies Software-Defined Networking (SDN), scalability across cloud and hybrid networks, regulatory compliance, and much more. User role and device attribute-based controls enable you to grant the contextual access necessary to power the Zero Trust principle of ongoing verification.
To learn more about how Barracuda CloudGen Access can get you started on the way to Zero Trust, visit our website at https://www.barracuda.com/products/cloudgen-access/
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology and project management credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.
Connect with Christine on LinkedIn here.